This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Vundo Trojan begins sending out ransomware

Share this article:

The Vundo Trojan has changed its output from scareware to ransomware.

 

Alex Lanstein from the FireEye Malware Intelligence Lab revealed that the authors of Vundo have been pushing a piece of malware that encrypts various personal file types such as pdf, doc and jpg on your system, and ‘coincidentally' push a program called FileFix Pro 2009 which would decrypt them for a fee.

 

Lanstein said: “Although we broke the encryption, it's a sobering realisation of the state of malware that it is now actively extorting users by holding their data ransom. Despite this version of FileFix being trivial to crack, it does not bode well for the future of internet malware.”

 

He explained that Vundo is a generic Trojan that is well known for pushing scareware popups for things such as XPAntiVirus and WinFixer. However in this case it was pushing a popup that ended up being a Trojan, which encrypted all the documents and rendered them unreadable on your system.

 

On the webpage for the ‘fix' at FileFixPro.com, download options are given which Lanstein revealed use server-side polymorphism (or perhaps a ton of binaries) to give a different executable every time it is downloaded. He said: “I assume this is to aggravate anti-virus detection, which appears to be working.”

 

He explained that a member of the FireEye team wrote a script to decrypt files, and in the coming days a tool will be released that can be downloaded that will decrypt all the affected files on your system.

 

 

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Samsung Galaxy S5 fingerprint scanner 'easily hacked'

Samsung Galaxy S5 fingerprint scanner 'easily hacked'

Single step authentication on Galaxy leaves PayPal accounts open to abuse say German researchers.

MSWin 8.1 users must update or lose security patches

MSWin 8.1 users must update or lose security ...

Organisations run the risk of being left defenceless against attackers unless they upgrade from MS Win 8.1

Communication gap indentified between IT and management

Communication gap indentified between IT and management

Bad news is filtered out of communicaiton to the C-suite and 63 percent of IT staff only start talking after a breach has taken place.